Re: [Jailkit-users] Re: Jailkit-users Digest, Vol 36, Issue 2

jailkit-users

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Jailkit-users] Re: Jailkit-users Digest, Vol 36, Issue 2

From:	Olivier Sessink
Subject:	Re: [Jailkit-users] Re: Jailkit-users Digest, Vol 36, Issue 2
Date:	Wed, 05 Nov 2008 09:06:31 +0100
User-agent:	Thunderbird 2.0.0.17 (X11/20080925)

Kevin wrote:

> Hello Olivier, I have a similar question like Jim's.
> I am not worrying about the system files in the virtual enviroment,
> but if I jail a few users in the same place, they can access other
> users' file each other. It is a big deal at a secret shared hosting
> machine.
> 
> Is there a solution that when a jailed user run a "ls -la /home", his
> can only see his own home directory?

Access to files is easy to stop, simply use file permissions, make sure
home directories have 0700 permissions.

Seeing the existence of other users is more difficult. You can play
around with directory permissions, remove the x or the r on /home?? I'm
not sure if that stops the login process from functioning but you can
give it a try.

> If I prepare a jail for each user, it will be the best security, but
> wastes a lot of disk space.

jk_init and jk_cp both have the option -k to use hardlinks when creating
a jail. That way a jail does not use any disk space as long as you stay
within the same filesystem.

regards,
        Olivier

[Prev in Thread]

Current Thread

[Next in Thread]

[Jailkit-users] Re: Jailkit-users Digest, Vol 36, Issue 2, Kevin, 2008/11/04
- Re: [Jailkit-users] Re: Jailkit-users Digest, Vol 36, Issue 2, Olivier Sessink <=

Prev by Date: [Jailkit-users] Re: Jailkit-users Digest, Vol 36, Issue 2
Next by Date: Re: [Jailkit-users] I can't jail mldonkey
Previous by thread: [Jailkit-users] Re: Jailkit-users Digest, Vol 36, Issue 2
Next by thread: [Jailkit-users] SU problem in jail
Index(es):
- Date
- Thread